server

package

v0.3.0-alpha Latest Latest Go to latest Published: Jun 21, 2021 License: Apache-2.0, BSD-3-Clause Imports: 18 Imported by: 11

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/go-tpm-tools

Documentation ¶

Overview ¶

Package server contains functions to be ran on a server (no TPM needed), as oppose to a client (with TPM).

Index ¶

func CreateEKPublicAreaFromKey(k crypto.PublicKey) (tpm2.Public, error)
func CreateImportBlob(ekPub crypto.PublicKey, sensitive []byte, pcrs *tpmpb.Pcrs) (*tpmpb.ImportBlob, error)
func CreateSigningKeyImportBlob(ekPub crypto.PublicKey, signingKey crypto.PrivateKey, pcrs *tpmpb.Pcrs) (*tpmpb.ImportBlob, error)
func ParseAndVerifyEventLog(rawEventLog []byte, pcrs *tpmpb.Pcrs) ([]attest.Event, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateEKPublicAreaFromKey ¶

func CreateEKPublicAreaFromKey(k crypto.PublicKey) (tpm2.Public, error)

CreateEKPublicAreaFromKey creates a public area from a go interface PublicKey. Supports RSA and ECC keys.

func CreateImportBlob ¶

func CreateImportBlob(ekPub crypto.PublicKey, sensitive []byte, pcrs *tpmpb.Pcrs) (*tpmpb.ImportBlob, error)

CreateImportBlob uses the provided public EK to encrypt the sensitive data. The returned ImportBlob can then be decrypted and imported using the client Key.Import() method. A non-nil pcrs parameter adds a requirement that the TPM must have specific PCR values for Import() to succeed.

func CreateSigningKeyImportBlob ¶ added in v0.2.0

func CreateSigningKeyImportBlob(ekPub crypto.PublicKey, signingKey crypto.PrivateKey, pcrs *tpmpb.Pcrs) (*tpmpb.ImportBlob, error)

CreateSigningKeyImportBlob uses the provided public EK to encrypt the signing key into import blob format. The returned import blob can be used to import the signing key into the TPM associated with the provided EK without exposing the private area to the TPM's OS using the client Key.ImportSigningKey() method. A non-nil pcrs parameter adds a requirement that the TPM must have specific PCR values to use the signing key.

func ParseAndVerifyEventLog ¶

func ParseAndVerifyEventLog(rawEventLog []byte, pcrs *tpmpb.Pcrs) ([]attest.Event, error)

ParseAndVerifyEventLog parses a raw event log and replays the parsed event log against the given PCR values. It returns the events verified particular PCR indexes/digests and an error if the replay for any PCR index does not match the provided value.

It is the caller's responsibility to call server.Verify with those PCRs, a trusted public key, and a quote using the private part of the trusted key to ensure that the PCRs are generated by a known TPM.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL